Configure PPTP-based Remote Access

  • Article

Updated: April 30, 2010

Applies To: Windows Server 2008, Windows Server 2008 R2

Deploying PPTP-based remote access VPN connections by using Windows ServerĀ 2008 consists of the following:

  • Configuring the remote access server as a corporate intranet router

  • Configuring the VPN server

  • Configuring firewall packet filters

  • Configuring network policies

Configuring the remote access server as a corporate intranet router

For the remote access server to properly forward traffic on the corporate intranet, you must configure it as a router with either static routes or a routing protocol, such as Routing Information Protocol (RIP), so that all of the locations on the intranet are reachable from the remote access server. For information about configuring routing, see Configure Routing on a VPN Server.

Configuring the VPN server

You can configure your VPN server by running the Routing and Remote Access Server Setup Wizard. You can use the wizard to configure the following settings:

  • The method by which the VPN server assigns IP addresses to remote access clients (either using addresses that the VPN server obtains from a DHCP server or by using addresses from a specified range of addresses that you configure).

  • Forwarding of authorization and authentication messages to a Remote Authentication Dial-In User Service (RADIUS) server (configuration of the VPN server as a RADIUS client).

After you run the Routing and Remote Access Server Setup Wizard, these RRAS settings are automatically configured:

  • Network interfaces

  • IKEv2, SSTP, PPTP, and L2TP ports (5 or 128 of each, depending on your choices when running the wizard)

  • Multicast support using Internet Group Messaging Protocol (IGMP)

  • IP routing

  • Installation of the DHCP Relay Agent component

Configuring firewall packet filters

If you are using a firewall, you need to configure packet filters on your firewall that allow PPTP traffic between Internet-based VPN clients and the VPN server computer. For more information, see Appendix B: VPN Servers and Firewall Configuration.

Configuring network policies

For an access-by-user administrative model, you need to set the network access permission to Allow access on the user accounts for those users who will be making VPN connections. For an access-by-policy model, use Network Policy Server (NPS) to configure remote access network policies. For more information, see Configure a Remote Access Network Policy.